Vulnerability Details CVE-2026-53852
OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.
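The following is an added illustration of the flaw class the description names, a containment guard that is skipped when the requested scope set is empty, next to a hardened version that applies the guard to the scopes the device would actually end up holding. It is not OpenClaw's code; the types, function names, the stored/allowed scope sets and the audit records are all constructed for this example.

```typescript
// Added model of scope containment during device re-pairing. Not OpenClaw's code:
// Scope, repairFlawed, repairHardened, RepairRecord and the sample data are assumptions.
type Scope = string;

function isSubset(candidate: Set<Scope>, allowed: Set<Scope>): boolean {
  return Array.from(candidate).every((s) => allowed.has(s));
}

// Flawed handler: the containment guard only runs when the request names scopes.
// An empty request falls through to "keep the stored scopes", so scopes the operator
// is no longer permitted to hold are silently restored to the device.
function repairFlawed(stored: Set<Scope>, requested: Scope[], allowed: Set<Scope>): Set<Scope> | null {
  if (requested.length > 0) {
    const wanted = new Set<Scope>(requested);
    if (!isSubset(wanted, allowed)) return null; // reject: request exceeds operator's allowed set
    return wanted;
  }
  return new Set<Scope>(stored); // guard never evaluated for an empty request
}

// Hardened handler: first resolve the effective scope set (explicit request, or the
// stored set when the request is empty), then apply the containment guard to it.
// There is no path on which the guard is skipped.
function repairHardened(stored: Set<Scope>, requested: Scope[], allowed: Set<Scope>): Set<Scope> | null {
  const effective = requested.length > 0 ? new Set<Scope>(requested) : new Set<Scope>(stored);
  if (!isSubset(effective, allowed)) return null; // reject: effective scopes exceed allowed set
  return effective;
}

// Detection view over re-pairing audit records (constructed shape): flag empty-scope
// re-pairings whose granted scopes exceeded what the operator was allowed at the time.
interface RepairRecord {
  device: string;
  requested: Scope[];
  granted: Scope[];
  operatorAllowed: Scope[];
}

function findEmptyScopeRestores(records: RepairRecord[]): string[] {
  return records
    .filter((r) => r.requested.length === 0 && !isSubset(new Set(r.granted), new Set(r.operatorAllowed)))
    .map((r) => r.device);
}

// Constructed sample: the device was paired with broad scopes, but the operator has
// since been narrowed to "read" only.
const storedScopes = new Set<Scope>(["read", "write", "admin"]);
const allowedScopes = new Set<Scope>(["read"]);

const sampleRecords: RepairRecord[] = [
  { device: "dev-a", requested: [], granted: ["read", "write", "admin"], operatorAllowed: ["read"] },
  { device: "dev-b", requested: ["read"], granted: ["read"], operatorAllowed: ["read"] },
  { device: "dev-c", requested: [], granted: ["read"], operatorAllowed: ["read", "write"] },
];

console.log(repairFlawed(storedScopes, [], allowedScopes));   // Set { "read", "write", "admin" }
console.log(repairHardened(storedScopes, [], allowedScopes)); // null (rejected)
console.log(findEmptyScopeRestores(sampleRecords));           // [ "dev-a" ]
```

The fix is structural rather than a special case for empty input: whatever the request resolves to, including "keep what was stored", is what the guard must check. The audit function shows the corresponding detection question for existing records, re-pairings that carried no scopes yet left the device holding more than the operator was allowed.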
Exploit Prediction Scoring System (EPSS)
EPSS score: 0.002
EPSS ranking: 6.6%
CVSS severity
CVSS v3 score: 5.4